2022, Information Security, Malware and Phishing

Threat Report Portugal: Q3 & Q4 2022

Security Affairs

APRIL 6, 2023

The Threat Report Portugal: H2 2022 compiles data collected on the malicious campaigns that occurred from July to December, H2, 2022. The Threat Report Portugal: Q3 & Q4 2022 compiles data collected on the malicious campaigns that occurred from Jully to December, Q3 and Q4, 2022. in Q2 2022.

Threat Reports

Threat Reports Phishing Malware Banking

Threat Report Portugal: Q2 2022

Security Affairs

JULY 4, 2022

The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. Phishing and Malware Q2 2022.

Threat Reports

Threat Reports Phishing Banking Malware

Carbanak malware returned in ransomware attacks

Security Affairs

DECEMBER 26, 2023

Researchers at NCC Group reported that in November they observed the return of the infamous banking malware Carbanak in ransomware attacks. The cybersecurity firm NCC Group reported that in November the banking malware Carbanak was observed in ransomware attacks. ” reads the report published by NCC Group.

Malware

Malware Ransomware Banking Healthcare

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

Security Affairs

APRIL 22, 2024

Microsoft reported that the Russia-linked APT28 group (aka “ Forest Blizzard ”, “ Fancybear ” or “ Strontium ” used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028. The vulnerability CVE-2022-38028 was reported by the U.S.

Government

Government Education Phishing Malware

WikiLoader malware-as-a-service targets Italian organizations

Security Affairs

AUGUST 1, 2023

Threat actors are targeting Italian organizations with a phishing campaign aimed at delivering a new malware called WikiLoader. WikiLoader is a new piece of malware that is employed in a phishing campaign that is targeting Italian organizations. ” reads the post published by Proofpoint. ” continues the report.

Malware

Malware Phishing Banking Hacking

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Security Affairs

NOVEMBER 22, 2022

Researchers warn of threat actors employing a new Go-based malware dubbed Aurora Stealer in attacks in the wild. Aurora Stealer is an info-stealing malware that was first advertised on Russian-speaking underground forums in April 2022. Aurora was offered as Malware-as-a-Service (MaaS) by a threat actor known as Cheshire.

Cybercrime

Cybercrime Malware Cryptocurrency Advertising

Xenomorph malware is back after months of hiatus and expands the list of targets

Security Affairs

SEPTEMBER 26, 2023

A new campaign is spreading Xenomorph malware to Android users in the United States, Spain, Portugal, Italy, Canada, and Belgium. Researchers from ThreatFabric uncovered a new campaign spreading Xenomorph malware to Android users in the United States and all over the world. that was significantly improved.

Malware

Malware Banking Phishing Engineering

Cybercriminals Use Azure Front Door in Phishing Attacks

Security Affairs

JUNE 21, 2022

Experts identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. USA) has identified a spike in phishing content delivered via Azure Front Door (AFD), a cloud CDN service provided by Microsoft. 1 – Example of Phishing Page Delivered by Azure Front Door (AFD).

Phishing

Phishing Accountability Hacking Scams

New TA886 group targets companies with custom Screenshotter malware

Security Affairs

FEBRUARY 10, 2023

A recently discovered threat actor, tracked as TA886 by security firm Proofpoint, is targeting organizations in the United States and Germany with new malware dubbed Screenshotter. The experts first spotted the attacks attributed to this threat actor in October 2022, they believe that the group is financially motivated.

Malware

Malware Phishing Spyware Cybercrime

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

Security Affairs

FEBRUARY 21, 2024

In the 2022 campaigns, threat actors used European Union reports on the conflict in Ukraine and Ukrainian government reports as lures. Upon opening the reports, the infection process starts leading to the deployment of malware on the victim’s system. The launcher also downloads the next-stage malware from a remote server.

Malware

Malware Phishing Government Passwords

ENISA: Ransomware became a prominent threat against the transport sector in 2022

Security Affairs

MARCH 22, 2023

The report covers incidents in aviation, maritime, railway, and road transport industries between January 2021 and October 2022. During the reporting period, ransomware was the most prominent threat against the sector in 2022. The researchers pointed out that the ransomware attacks doubled compared to the previous year.

Ransomware

Ransomware DDOS Cyber threats Phishing

The Data Breach Perception Problem in 2022

Approachable Cyber Threats

DECEMBER 13, 2022

The 2022 update to our research on the perception of data breach causes that’s helped organizations re-evaluate how they are at risk for a data breach instead of what feels right. In their 2022 report, System Intrusion took the lead, accounting for 40% of all breach events. You may be asking “Why data from 2021 when it’s 2022?”

Data breaches

Data breaches Social Engineering Engineering Phishing

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

Security Affairs

MAY 21, 2024

Black Basta has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. In November 2022, Sentinel Labs researchers reported having found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7.

Hacking

Hacking Ransomware Phishing Malware

Threat actors leverage Microsoft Teams to spread malware

Security Affairs

FEBRUARY 17, 2022

Starting in January 2022, security researchers from Avanan observed attackers compromising Microsoft Teams accounts attach malicious executables to chat and infect participants in the conversation. “Starting in January 2022, Avanan observed how hackers are dropping malicious executable files in Teams conversations.

Malware

Malware Phishing Accountability Data breaches

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Security Affairs

APRIL 9, 2024

Fortinet researchers observed a threat actor sending out a phishing email containing malicious Scalable Vector Graphics (SVG) files. The campaign is notable for its utilization of the BatCloak malware obfuscation engine and ScrubCrypt to distribute the malware through obfuscated batch scripts.

Engineering

Engineering Phishing Malware Hacking

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Security Affairs

APRIL 23, 2022

Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon. The post Phishing attacks using the topic “Azovstal” targets entities in Ukraine appeared first on Security Affairs. To nominate, please visit:? Pierluigi Paganini.

Phishing

Phishing Cybercrime Ransomware Encryption

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees

Security Affairs

MARCH 2, 2022

A spear-phishing campaign, tracked as Asylum Ambuscade, targets European government personnel aiding Ukrainian refugees. The phishing messages included a weaponized attachment designed to download a Lua-based malware dubbed SunSeed. net) that appears to belong to a compromised Ukranian armed service member.”

Phishing

Phishing Accountability Government Malware

Grandoreiro banking malware targets Mexico and Spain

Security Affairs

AUGUST 21, 2022

A new Grandoreiro banking malware campaign is targeting organizations in Mexico and Spain, Zscaler reported. Zscaler ThreatLabz researchers observed a Grandoreiro banking malware campaign targeting organizations in the Spanish-speaking nations of Mexico and Spain. ” reads the post published by Zscaler. Pierluigi Paganini.

Banking

Banking Malware Antivirus Phishing

Advanced Phishing 201: How to Prevent Phishing from Impacting Your Users

Duo's Security Blog

MAY 10, 2023

With advanced language-based AI tools like ChatGPT growing increasingly accessible, the battle to prevent phishing attacks from impacting users is no longer answerable with just one security solution. Why is layered security essential against phishing? PCI DSS, HIPAA, etc.)

Phishing

Phishing DNS Authentication Risk

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Security Affairs

MAY 12, 2024

Black Basta ransomware affiliates have breached over 500 organizations between April 2022 and May 2024, FBI and CISA reported. Black Basta ransomware-as-a-service (RaaS) has been active since April 2022, it impacted several businesses and critical infrastructure entities across North America, Europe, and Australia.

Ransomware

Ransomware Hacking Healthcare Retail

Threat actors target the Ukrainian gov with IcedID malware

Security Affairs

APRIL 16, 2022

Threat actors are targeting Ukrainian government agencies with phishing attacks delivering the IcedID malware. The Ukrainian Computer Emergency Response Team (CERT-UA) uncovered new phishing campaigns aimed at infecting systems of Ukrainian government agencies with the IcedID malware. Pierluigi Paganini.

Malware

Malware Phishing Banking Government

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

Security Affairs

NOVEMBER 9, 2022

Experts noticed that the Amadey malware is being used to deploy LockBit 3.0 Researchers from AhnLab Security Emergency Response Center (ASEC) reported that the Amadey malware is being used to deploy LockBit 3.0 ” reads the report published by the security firm. SecurityAffairs – hacking, Amadey malware).

Malware

Malware Ransomware Cybercrime Phishing

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

Security Affairs

APRIL 20, 2023

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped ) that employed Linux malware. “Interestingly, the file extension is not .pdf.

Malware

Malware Social Engineering Education Media

Attackers use website contact forms to spread BazarLoader malware

Security Affairs

MARCH 12, 2022

Threat actors are spreading the BazarLoader malware via website contact forms to evade detection, researchers warn. Researchers from cybersecurity firm Abnormal Security observed threat actors spreading the BazarLoader/BazarBackdoor malware via website contact forms. ” reads the analysis published by Abnormal Security.

Malware

Malware Phishing Ransomware Banking

Top Cybersecurity Companies for 2022

eSecurity Planet

JUNE 7, 2022

They earned the highest score among providers named "Customer's Choice" in Gartner's 2022 "Voice of the Customer” Security Awareness Computer-Based Training report. Application security, information security, network security, disaster recovery, operational security, etc. Improved Data Security.

Cybersecurity

Cybersecurity Identity Theft Encryption Antivirus

Experts warn of the first known phishing attack against PyPI

Security Affairs

AUGUST 28, 2022

The Python Package Index (PyPI) warns of an ongoing phishing campaign to steal developer credentials and distribute malicious updates. The Python Package Index, PyPI, this week warned of an ongoing phishing campaign that aims to steal developer credentials and inject malicious updates to the packages in the repository.

Phishing

Phishing Hacking Accountability Cybercrime

Threats to ICS and industrial enterprises in 2022

SecureList

NOVEMBER 23, 2021

Reducing the life cycle of malware. To avoid detection, more and more cybercriminals are adopting the strategy of frequently upgrading malware in their chosen family. The evolution of modern MaaS platforms makes it much easier for malware operators globally to use this strategy. Actions of various attacker categories.

Spyware

Spyware Phishing Cybercrime Energy and Utilities

Robin Banks phishing-as-a-service platform continues to evolve

Security Affairs

NOVEMBER 7, 2022

The phishing-as-a-service (PhaaS) platform Robin Banks migrated its infrastructure to DDoS-Guard, a Russian bulletproof hosting service. The Robin Banks was first analyzed July 2022, it relies heavily on open-source code and off-the-shelf tooling. ” reads a report published by security firm IronNet.

Banking

Banking Phishing DDOS Authentication

Updated MATA attacks industrial companies in Eastern Europe

SecureList

OCTOBER 18, 2023

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. As we were collecting and analyzing the relevant telemetry data, we realized the campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry.

Malware

Malware Phishing Internet Internet

An aggressive malware campaign targets US-based companies with Qakbot to deliver Black Basta Ransomware

Security Affairs

NOVEMBER 24, 2022

Researchers warn of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US. Experts at the Cybereason Global SOC (GSOC) team have observed a surge in Qakbot infections as part of an ongoing aggressive Qakbot malware campaign that leads to Black Basta ransomware infections in the US.

Malware

Malware Ransomware DNS Phishing

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Security Affairs

FEBRUARY 8, 2024

26 key cyber security stats for 2024 that every user should know, from rising cyber crime rates to the impact of AI technolog y. Phishing Attacks: Phishing is the top cyber attack, causing 90% of data breaches. Cyber Insurance: US cyber insurance premiums soared by 50% in 2022, reaching $7.2

Social Engineering

Social Engineering Cyber Attacks Cyber Insurance IoT

Russia-linked APT28 and crooks are still using the Moobot botnet

Security Affairs

MAY 3, 2024

The threat actors used the botnet harvest credentials, collect NTLMv2 digests, proxy network traffic, and host spear-phishing landing pages and custom tools. This second botnet exhibits greater discretion and improved operational security, as the associated malware operates exclusively in memory, leaving no malicious files on the disk.

Phishing

Phishing Cryptocurrency Internet Internet

Cuba Ransomware received over $60M in Ransom payments as of August 2022

Security Affairs

DECEMBER 2, 2022

Cuba ransomware gang received more than $60 million in ransom payments related to attacks against 100 entities worldwide as of August 2022. Dollars (USD) and received more than $60 million in ransom payments from over 100 victims worldwide as of August 2022, the US government states. ” reads the report. Pierluigi Paganini.

Ransomware

Ransomware Financial Services Manufacturing Healthcare

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

Security Affairs

DECEMBER 25, 2023

The threat actor UAC-0099 is exploiting a flaw in the WinRAR to deliver LONEPAGE malware in attacks against Ukraine. In some attacks, the APT group exploited a high-severity WinRAR flaw CVE-2023-38831 to deliver the LONEPAGE malware. The last-stage malware is the Visual Basic Script (VBS) malware LONEPAGE.

Malware

Malware Phishing Media Hacking

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Security Affairs

JUNE 20, 2022

The developers behind the BRATA Android malware have implemented additional features to avoid detection. The operators behind the BRATA Android malware have implemented more features to make their attacks stealthy. “TAs are modifying their code in order to tailor their malware on specific banking institutions.

Malware

Malware Banking Antivirus Phishing

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Security Affairs

JANUARY 18, 2024

Google warns that the Russia-linked threat actor COLDRIVER expands its targeting and is developing a custom malware. In the past, the group’s activity involved persistent phishing and credential theft campaigns leading to intrusions and data theft.

Phishing

Phishing Malware Encryption Accountability

Activision Hack Exposes Employee Data and 'Call of Duty' Information

SecureWorld News

FEBRUARY 23, 2023

The news was first reported by cybersecurity and malware research group vx-underground, which posted screenshots of data purportedly stolen from the company. Also worth noting that the Threat Actor(s) did attempt to phish other employees. Other employees did not fall for the phish.

Hacking

Hacking Phishing Data breaches Information Security

The 10th edition of the ENISA Threat Landscape (ETL) report is out!

Security Affairs

NOVEMBER 4, 2022

The Europen Agency for cybersecurity ENISA releases its ENISA Threat Landscape 2022 (ETL) report , which is the annual analysis of the state of the cybersecurity threat landscape. This is the 10 th edition of the annual report and analyzes events that took place between July 2021 and July 2022. ENISA Threat Landscape Report 2022.

Cyber threats

Cyber threats Phishing Social Engineering Ransomware

Tomiris called, they want their Turla malware back

SecureList

APRIL 24, 2023

It is worth noting that while we identified a few targets in other locations, all of them appear to be foreign diplomatic entities of the colored countries: Tomiris’s polyglot toolset Tomiris uses a wide variety of malware implants developed at a rapid pace and in all programming languages imaginable.

Malware

Malware DNS Government Software

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

Security Affairs

SEPTEMBER 21, 2022

Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. ” reads the report published by Recorded Future.

Malware

Malware Telecommunications DNS Hacking

The Data Breach Perception Problem in 2022

Approachable Cyber Threats

DECEMBER 13, 2022

The 2022 update to our research on the perception of data breach causes that’s helped organizations re-evaluate how they are at risk for a data breach instead of what feels right. In their 2022 report, System Intrusion took the lead, accounting for 40% of all breach events. You may be asking “Why data from 2021 when it’s 2022?”

Data breaches

Data breaches Social Engineering Engineering Phishing

China-linked TA413 group targets Tibetan entities with new backdoor

Security Affairs

SEPTEMBER 26, 2022

A China-linked cyberespionage group, tracked as TA413 (aka LuckyCat) , is exploiting recently disclosed flaws in Sophos Firewall (CVE-2022-1040) and Microsoft Office ( CVE-2022-30190 ) to deploy a never-before-detected backdoor called LOWZERO in attacks aimed at Tibetan entities. in Microsoft Office in attacks in the wild.

Firewall

Firewall Phishing Malware Hacking

StrelaStealer targeted over 100 organizations across the EU and US

Security Affairs

MARCH 25, 2024

The threat actors sent out spam emails with attachments that eventually launched the StrelaStealer malware. The malware StrelaStealer is an email credential stealer that DCSO_CyTec first documented in November 2022. “StrelaStealer malware is an active email credential stealer that is always evolving.

Malware

Malware Encryption Manufacturing Phishing

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Security Affairs

MAY 27, 2022

According to the experts, ERMAC is operated by threat actors behind the BlackRock mobile malware. The malware is available for rent on underground forums for $5000 per month since March 2022. Available for rent on underground forums for $5K/month since March 2022, ERMAC 2.0 A new #Android banker ERMAC 2.0 “ERMAC 2.0

Banking

Banking Malware Cybercrime Phishing

Threat Report Portugal: Q3 & Q4 2022

Threat Report Portugal: Q2 2022

Webinars

Trending Sources

Carbanak malware returned in ransomware attacks

Webinars

Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 Windows flaw

WikiLoader malware-as-a-service targets Italian organizations

Aurora Stealer Malware is becoming a prominent threat in the cybercrime ecosystem

Xenomorph malware is back after months of hiatus and expands the list of targets

Cybercriminals Use Azure Front Door in Phishing Attacks

New TA886 group targets companies with custom Screenshotter malware

New Mustang Panda campaign targets Asia with a backdoor dubbed DOPLUGS

ENISA: Ransomware became a prominent threat against the transport sector in 2022

The Data Breach Perception Problem in 2022

Blackbasta group claims to have hacked Atlas, one of the largest US oil distributors

Threat actors leverage Microsoft Teams to spread malware

ScrubCrypt used to drop VenomRAT along with many malicious plugins

Phishing attacks using the topic “Azovstal” targets entities in Ukraine

Asylum Ambuscade spear-phishing campaign targets EU countries aiding Ukrainian refugees

Grandoreiro banking malware targets Mexico and Spain

Advanced Phishing 201: How to Prevent Phishing from Impacting Your Users

As of May 2024, Black Basta ransomware affiliates hacked over 500 organizations worldwide

Threat actors target the Ukrainian gov with IcedID malware

Experts observed Amadey malware deploying LockBit 3.0 Ransomware

Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack

Attackers use website contact forms to spread BazarLoader malware

Top Cybersecurity Companies for 2022

Experts warn of the first known phishing attack against PyPI

Threats to ICS and industrial enterprises in 2022

Robin Banks phishing-as-a-service platform continues to evolve

Updated MATA attacks industrial companies in Eastern Europe

An aggressive malware campaign targets US-based companies with Qakbot to deliver Black Basta Ransomware

26 Cyber Security Stats Every User Should Be Aware Of in 2024

Russia-linked APT28 and crooks are still using the Moobot botnet

Cuba Ransomware received over $60M in Ransom payments as of August 2022

APT group UAC-0099 targets Ukraine exploiting a WinRAR flaw

BRATA Android Malware evolves and targets the UK, Spain, and Italy

Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Activision Hack Exposes Employee Data and 'Call of Duty' Information

The 10th edition of the ENISA Threat Landscape (ETL) report is out!

Tomiris called, they want their Turla malware back

Russian Sandworm APT impersonates Ukrainian telcos to deliver malware

The Data Breach Perception Problem in 2022

China-linked TA413 group targets Tibetan entities with new backdoor

StrelaStealer targeted over 100 organizations across the EU and US

ERMAC 2.0 Android Banking Trojan targets over 400 apps

Stay Connected